RADIUS accounting logs all of the activity of each remote user in a session on the centralized RADIUS accounting server.
Session-IDs for each RADIUS account generate as 12-character strings. The first four characters in the string form a random number in hexadecimal format. The last eight characters in the string indicate the number of user sessions started since the last restart, in hexadecimal format.
The Network Address Server (NAS) IP address for a session is the address of the device interface to which the remote session is connected over the network. For a console session, modem session, and sessions running on debug ports, this value is set to 0.0.0.0, as is the case with RADIUS authentication.
The following table summarizes the events and associated accounting information logged at the RADIUS accounting server.
|
Event |
Accounting information logged at server |
|---|---|
|
Accounting is turned on at router |
|
|
Accounting is turned off at router |
|
|
User logs on |
|
|
More than 40 CLI commands are executed |
|
|
User logs off |
|
When the device communicates with the RADIUS accounting server, the following actions occur:
If the server sends an invalid response, the response is silently discarded and the server does not make an attempt to resend the request.
User-specified number of attempts are made if the server does not respond within the user-configured timeout interval. If a server does not respond to any of the retries, requests are sent to the next priority server (if configured). You can configure up to 10 RADIUS servers for redundancy.
Note
RADIUS server used‐by endpoint‐tracking does not support accounting.